verification
#1
I have decrypted several NTLM
But they do not pass verification. I don't understand what needs to be done...
hashcat published this text in the out file
819ca87f810d69e1720a66faa28f2872:٨٥٢٧٤١
adce616e6746928159d6fddddd6e2dcf:ذثدظفف
dacdbeaa6aab6691b2e818cd0f8b9532:ضصثشظط
6a4c584da16e737e26e921282883b5d1:٩٧٦٤٣١٨٥٢
3451594e65408e3c1730072acd8743a2:٦٩٧٨١١١ا
a3996408406f4c96037bed330edc97f4:فاثذثسف
I also tried to output to a file
--outfile-format=1,3

819ca87f810d69e1720a66faa28f2872:d9a8d9a5d9a2d9a7d9a4d9a1
adce616e6746928159d6fddddd6e2dcf:d8b0d8abd8afd8b8d981d981
dacdbeaa6aab6691b2e818cd0f8b9532:d8b6d8b5d8abd8b4d8b8d8b7
6a4c584da16e737e26e921282883b5d1:d9a9d9a7d9a6d9a4d9a3d9a1d9a8d9a5d9a2
3451594e65408e3c1730072acd8743a2:d9a6d9a9d9a7d9a8d9a1d9a1d9a1d8a7
a3996408406f4c96037bed330edc97f4:d981d8a7d8abd8b0d8abd8b3d981

I don't understand what's going on with passwords. Why don't they fit the hash?
hashcat -m 1000 --status -a 3 -O --hex-charset -w 3 'a3996408406f4c96037bed330edc97f4' d981d8a7d8abd8b0d8abd8b3d981


a3996408406f4c96037bed330edc97f4:فاثذثسف                 
Session..........: hashcat                               
Status...........: Cracked
Hash.Mode........: 1000 (NTLM)
Hash.Target......: a3996408406f4c96037bed330edc97f4
Time.Started.....: Mon Dec 19 12:30:01 2022 (0 secs)
Time.Estimated...: Mon Dec 19 12:30:01 2022 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Mask.......: d981d8a7d8abd8b0d8abd8b3d981 [14]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:      280 H/s (0.03ms) @ Accel:2048 Loops:1 Thr:32 Vec:8
Speed.#2.........:        0 H/s (0.00ms) @ Accel:2048 Loops:1 Thr:32 Vec:8
Speed.#*.........:      280 H/s
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Restore.Sub.#2...: Salt:0 Amplifier:0-0 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: فاثذثسف -> فاثذثسف
Candidates.#2....: [Generating]
Hardware.Mon.#1..: Temp: 41c Fan: 22% Util:  5% Core:1898MHz Mem:5005MHz Bus:16
Hardware.Mon.#2..: Temp: 31c Fan: 27% Util:100% Core:1721MHz Mem:5005MHz Bus:1
Started: Mon Dec 19 12:29:58 2022
Stopped: Mon Dec 19 12:30:02 2022
#2
what kind of verification? if you upload this to some cracking sites they may only accept plain ascii, but these strings are not ascii, so don't blame hashcat for that

anyway, they seem to fit. outfile format 3 is HEX; normally hashcat would use this format in the potfile, like this
Code:
hash:$HEX[password in hex]
this also happens when there is a : in the password, as this is hashcat's native separator char
#3
I tried different options before creating this theme. If it's not difficult for you, you can check it yourself.

https://hashes.com/en/tools/verify


These MD5 not ascii pass verification successfully...

86cb53b304740af1e01fc6bb3d01446a:и79псв
ed3acb5ce67efaf1a5a7fb9565163f3e:вцфкя400
0eafd2afe26c40f3e4b35b31fb91fc89:пщд19046
d14d5b9f23ac95f58cb651bf8d259ebd:7732041ы
98b4299eb762d6f6e0c2b771c6e85d47:9в40йз
a1e095f1a24ef7f7e8b7fa21c39404b0:1613Аа
6fc17af8fdc238f81b65d14b50f42567:цвсццй11
#4
first, these are ntlm (regarding your hashcat output), not md5, but anyway, as I told before, most if not any of these "verifiers" don't cope right with utf-8 inputs

see this converter instead and see the hex output for your strings https://onlinehextools.com/convert-ascii-to-hex

input: ٨٥٢٧٤١ output: d9a8d9a5d9a2d9a7d9a4d9a1

this is exactly your outfile 3 (HEX) output for this string and therefore hashcat works correctly. hashcat isn't the problem here, it is a typical encoding/decoding problem from this "verifier"

or just use the other way around, hex to "ascii"

https://onlinehextools.com/convert-hex-to-ascii
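
To check a hash:plaintext pair locally instead of relying on an online verifier, the sketch below (an added example, not code from the thread or from hashcat) computes NTLM as MD4 over the password bytes for two candidate encodings of an outfile-format 3 hex string and reports which of them reproduces the hash. The function names and the byte-wise zero-extension candidate are assumptions made for this illustration; the sample pair is copied from the thread.

```python
import struct

ORDER3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)  # RFC 1320 round 3

def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib often ships with md4 disabled."""
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(48):
            j = i % 16
            if i < 16:
                f, k, add, sh = (b & c) | (~b & d), j, 0, (3, 7, 11, 19)
            elif i < 32:
                f, k = (b & c) | (b & d) | (c & d), (j % 4) * 4 + j // 4
                add, sh = 0x5A827999, (3, 5, 9, 13)
            else:
                f, k, add, sh = b ^ c ^ d, ORDER3[j], 0x6ED9EBA1, (3, 9, 11, 15)
            t = (a + f + x[k] + add) & 0xFFFFFFFF
            t = ((t << sh[i % 4]) | (t >> (32 - sh[i % 4]))) & 0xFFFFFFFF
            a, b, c, d = d, t, b, c  # rotate the working registers
        h = [(v + w) & 0xFFFFFFFF for v, w in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def candidate_encodings(outfile_hex: str) -> dict:
    """Byte strings a tool might feed to MD4 for one hex-encoded plaintext."""
    raw = bytes.fromhex(outfile_hex)
    # Assumed candidate: every input byte widened to 16 bits with a zero byte.
    out = {"bytewise-zero-extend": b"".join(bytes((v, 0)) for v in raw)}
    try:  # assumption: the hex is UTF-8 text, as in the thread's outfile
        out["utf8-to-utf16le"] = raw.decode("utf-8").encode("utf-16-le")
    except UnicodeDecodeError:
        pass  # not valid UTF-8: only the byte-wise form applies
    return out

def verify_ntlm(target_hash: str, outfile_hex: str) -> list:
    """Names of the encodings whose MD4 equals the NTLM hash (may be empty)."""
    return sorted(name for name, enc in candidate_encodings(outfile_hex).items()
                  if md4(enc).hex() == target_hash.lower())

if __name__ == "__main__":
    # hash:hex pair copied from the thread's --outfile-format=1,3 output
    pair = "a3996408406f4c96037bed330edc97f4:d981d8a7d8abd8b0d8abd8b3d981"
    target, hexpw = pair.split(":")
    print(target, verify_ntlm(target, hexpw) or "no encoding matched")
```

For an ASCII password both candidates are the same bytes, so both names are returned; for non-ASCII input the two byte strings differ, which is where a verifier and a cracking tool can disagree.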